Re: [secdir] SecDir review of draft-ietf-dna-simple-11

Suresh Krishnan <> Wed, 09 December 2009 23:36 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C4AD93A6782; Wed, 9 Dec 2009 15:36:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id WglBJHbIcRFv; Wed, 9 Dec 2009 15:36:11 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id E856A3A63EB; Wed, 9 Dec 2009 15:36:10 -0800 (PST)
Received: from ([]) by (8.13.1/8.13.1) with ESMTP id nB9Na7nD002856; Wed, 9 Dec 2009 17:36:16 -0600
Received: from [] ( by ( with Microsoft SMTP Server id 8.1.375.2; Wed, 9 Dec 2009 18:35:47 -0500
Message-ID: <>
Date: Wed, 9 Dec 2009 18:34:32 -0500
From: Suresh Krishnan <>
User-Agent: Thunderbird (X11/20090817)
MIME-Version: 1.0
To: Yaron Sheffer <>
References: <>
In-Reply-To: <>
Content-Type: text/plain; charset="windows-1252"; format=flowed
Content-Transfer-Encoding: 8bit
Cc: "" <>, "" <>, secdir <>
Subject: Re: [secdir] SecDir review of draft-ietf-dna-simple-11
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 09 Dec 2009 23:36:11 -0000

Hi Yaron,
     Thanks for your detailed review. Sorry for the delayed response.

On 09-11-18 12:56 PM, Yaron Sheffer wrote:
> The Security Considerations are focused on one specific aspect, namely 
> the use of SEND. I think we should make clear here that none of the DNA 
> operations by themselves add any measure of security, unless SEND is 
> actually used. Specifically, I suggest to add the text: “The DNA 
> procedure does not in itself provide positive, secure authentication of 
> the router(s) on the network, or authentication of the network itself, 
> as e.g. would be provided by mutual authentication at the link layer. 
> Therefore when such assurance is not available, the host MUST NOT make 
> any security-sensitive decisions based on the DNA procedure. In 
> particular, it MUST NOT decide it has rejoined a network known to be 
> physically secure, and proceed to abandon cryptographic protection.”

Sounds good. Will add the text into the Security considerations.

> Other Comments
> 4.1: DUID - is this the host’s DUID or the router's? Per RFC 3315, both 
> have such a value.

The client's DUID. This section probably needs a rework anyway to add a 
few more fields. I will clarify this in the next rev.

> 4.3: "all currently configured IP addresses" - but only for this 
> physical interface, right?

Yes. Propose rewording to

"After the indication is received on an interface, the host considers 
all  (non-tentative) IP addresses currently configured on this interface 
to be deprecated until the change detection process completes."

> 4.8: why is no DAD performed? Someone else might have joined the network 
> while I was disconnected, and has a duplicate of my address.

One reason is that this issue can already occur in current networks due 
to network partioning and merging, DAD packet loss etc. We attempted to 
quantify the conditions under which DAD should or should not be 
performed but there was strong working group consensus against doing so 
and strong consensus for adding this current text.